Enhanced network services often involve preferential allocation of resources such as transmission capacity (”band- width”) and buffer space to packets belonging to certain flows or traffic classes. Such services are vulnerable to denial-of-service attacks if access to those resources is granted based on information that can be forged, such as source and destination addresses and port numbers. Traditional message authentication codes (MACs) are not de- signed to solve this problem and have high per-packet processing costs. In this paper we propose a packet authentication algorithm specifically designed to solve the problem of protecting access to reserved network resources. We present measurements from a prototype implementation, and argue that our approach is a better solution for this problem than traditional MACs.
為了持續優化網站功能與使用者體驗,本網站將Cookies分析技術用於網站營運、分析和個人化服務之目的。
若您繼續瀏覽本網站,即表示您同意本網站使用Cookies。